1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
summary: Ensure that the shared-memory interface works.
details: |
The shared-memory interface allows two snaps to share a POSIX shared memory
object declared in the slot of the provider snap.
prepare: |
"$TESTSTOOLS"/snaps-state install-local shm-slot
"$TESTSTOOLS"/snaps-state install-local shm-plug
execute: |
echo "When the interface is connected"
snap connect shm-plug:shmem shm-slot:shmem
snap connect shm-plug:shmem-wildcard shm-slot:shmem-wildcard
# Test writable SHM areas
echo "Verify that the slot snap can create a writable SHM, and plug can read it"
shm-slot.cmd sh -c 'echo "writable area" > /dev/shm/writable-bar'
shm-plug.cmd cat /dev/shm/writable-bar | MATCH "writable area"
shm-slot.cmd sh -c 'echo "writable area" > /dev/shm/any-writable-ANYTHING'
shm-plug.cmd cat /dev/shm/any-writable-ANYTHING | MATCH "writable area"
echo "Plug can also write to it"
shm-plug.cmd sh -c 'echo "client can also write" > /dev/shm/writable-bar'
shm-slot.cmd cat /dev/shm/writable-bar | MATCH "client can also write"
shm-plug.cmd sh -c 'echo "client can also write" > /dev/shm/any-writable-ANYTHING'
shm-slot.cmd cat /dev/shm/any-writable-ANYTHING | MATCH "client can also write"
echo "And vice-versa: plug creates, slot reads"
shm-slot.cmd rm /dev/shm/writable-bar
shm-slot.cmd rm /dev/shm/any-writable-ANYTHING
shm-plug.cmd sh -c 'echo "another test" > /dev/shm/writable-bar'
shm-slot.cmd cat /dev/shm/writable-bar | MATCH "another test"
shm-plug.cmd sh -c 'echo "another test" > /dev/shm/any-writable-OTHER-THING'
shm-slot.cmd cat /dev/shm/any-writable-OTHER-THING | MATCH "another test"
# Test read-only SHM areas
echo "Verify that the slot snap can create a readable SHM, and plug can read it"
shm-slot.cmd sh -c 'echo "read-only area" > /dev/shm/readable-foo'
shm-plug.cmd cat /dev/shm/readable-foo | MATCH "read-only area"
shm-slot.cmd sh -c 'echo "read-only area" > /dev/shm/any-readable-FOO'
shm-plug.cmd cat /dev/shm/any-readable-FOO | MATCH "read-only area"
if [ "$(snap debug confinement)" = strict ] ; then
echo "Plug cannot write to it"
if shm-plug.cmd sh -c 'echo "I cannot write this" > /dev/shm/readable-foo'; then
echo "Plug snap should not be able to write to read-only SHM area"
exit 1
fi
if shm-plug.cmd sh -c 'echo "I cannot write this" > /dev/shm/any-readable-FOO'; then
echo "Plug snap should not be able to write to read-only SHM area"
exit 1
fi
echo "Double-check that the data was not changed"
shm-slot.cmd cat /dev/shm/readable-foo | MATCH "read-only area"
shm-slot.cmd cat /dev/shm/any-readable-FOO | MATCH "read-only area"
else
echo "Skipping check on disallowed write, because of partial confinement"
fi
# cleanup
shm-slot.cmd rm /dev/shm/writable-bar /dev/shm/readable-foo /dev/shm/any-writable-OTHER-THING /dev/shm/any-readable-FOO
echo "Disconnect the interface"
snap disconnect shm-plug:shmem
snap disconnect shm-plug:shmem-wildcard
if [ "$(snap debug confinement)" = partial ] ; then
echo "Do not execute checks with disconnected plug on systems where confinement doesn't work"
exit 0
fi
echo "Neither snap should be able to access the SHM now"
if shm-slot.cmd sh -c 'echo "test1" > /dev/shm/writable-bar'; then
exit 1
fi
if shm-plug.cmd sh -c 'echo "test2" > /dev/shm/writable-bar'; then
exit 1
fi
if shm-plug.cmd cat /dev/shm/writable-bar; then
exit 1
fi
if shm-slot.cmd sh -c 'echo "test3" > /dev/shm/readable-bar'; then
exit 1
fi
if shm-plug.cmd cat /dev/shm/readable-bar; then
exit 1
fi
|
